AA 
APPENDIX 


EXAM OBJECTIVES FOR MCSE 
CERTIFICATION EXAM #70-220: 
DESIGNING SECURITY FOR A 
MICROSOFT WINDOWS 2000 
NETWORK 


ANALYZING BUSINESS REQUIREMENTS 


Objective Chapter: Section 


Analyze the existing and planned Chapter 2: Identifying 

business models. Business Models 

m Analyze the company model and 
the geographical scope. Models 
include regional, national, 
international, subsidiary, and 
branch offices. 

m Analyze company processes. Processes 
include information flow, 
communication flow, service and 
product life cycles, and decision-making. 


Hands-on Project(s) 


Analyze the existing and planned Chapter 2: Identifying 
organizational structures. Considerations Business Models 
include management model; company 
organization; vendor, partner, and customer 
relationships; and acquisition plans. 


Analyze factors that influence company Chapter 2: Identifying 
strategies. Corporate Strategies 
m Identify company priorities. and Goals 


m Identify the projected growth and 
growth strategy. 

m Identify relevant laws and regulations. 

Identify the company's tolerance for risk. 

Identify the total cost of operations. 
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Objective 


Analyze business and security requirements 
for the end user. 


Exam Objectives for MCSE Certification Exam #70-220 


Chapter: Section Hands-on Project(s) 


Chapter 2: Identifying 
the Current 
Security Model 


Analyze the structure of IT management. 
Considerations include type of administration, 
such as centralized or decentralized; funding 
model; outsourcing; decision-making process; 
and change-management process. 


Chapter 2: Identifying 
IT Administrative 
Structures 


Analyze the current physical model and 
information security model. 


m Analyze internal and external security risks. 


Chapter 2: Identifying 
the Current Technical 
Environment 

Chapter 1: Internal 
Security Risks 
Chapter 1: External 
Security Risks 


ANALYZING TECHNICAL REQUIREMENTS 


Objective 


Evaluate the company's existing and planned 

technical environment. 

m Analyze company size and user and 
resource distribution. 

m Assess the available connectivity between 
the geographic location of work sites and 
remote sites. 

m Assess the net available bandwidth. 

m Analyze performance requirements. 

m Analyze the method of accessing data 
and systems. 

m Analyze network roles and responsibilities. 
Roles include administrative, user, service, 
resource ownership, and application. 


Hands-on Project(s) 


Chapter: Section 


Chapter 2: Identifying 
the Current Technical 
Environment 


Analyze the impact of the security design on 

the existing and planned technical 

environment. 

m Assess existing systems and applications. 

m Identify existing and planned upgrades 
and rollouts. 

m Analyze technical support structure. 

m Analyze existing and planned network 

and systems management. 


Chapter 1: Managing 
Security Risks 
Chapter 2: Identifying 
the Current Technical 
Environment 


Designing a Windows 2000 Security Solution 
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ANALYZING SECURITY REQUIREMENTS 


Objective 


Design a security baseline for a Windows 2000 
network that includes domain controllers, 
operations masters, application servers, file 
and print servers, RAS servers, desktop 
computers, portable computers, and kiosks. 


Identify the required level of security for each 
resource. Resources include printers, files, 
shares, Internet access, and dial-in access. 


Chapter: Section 


Chapter 4: Securing 
Active Directory 
Chapter 6: Securing 
Servers Using Security 
Templates 


Chapter 3: All sections 
Chapter 6: All sections 


Hands-on Project(s) 


Project 4-1 
Project 4-2 
Project 4-3 
Project 4-4 
Project 4-5 
Project 3-1 
Project 3-2 
Project 3-3 
Project 3-4 


Objective 


DESIGNING A WINDOWS 2000 SECURITY SOLUTION 


Chapter: Section 


Hands-on Project(s) 


Integrate with third-party CAs. 
Map certificates. 


Design an audit policy. Chapter 3: Configuring | Project 3-6 
an Audit Policy Project 3-7 
Design a delegation of authority strategy. Chapter 4: Delegating Project 4-6 
Administrative Tasks 
Design the placement and inheritance of Chapter 4: Project 4-8 
security policies for sites, domains, and Implementing Group 
organizational units. Policies for Security 
Design an Encrypting File System strategy. Chapter 3: Encrypting Project 3-5 
File System 
Design an authentication strategy. Chapter 3: 
m Select authentication methods. Methods Implementing User 
include certificate-based authentication, Authentication 
Kerberos authentication, clear-text Chapter 6: 
passwords, digest authentication, Implementing Secure 
smart cards, NTLM, RADIUS, and SSL. Access for Non- 
m Design an authentication strategy for Microsoft Clients 
integration with other systems. 
Design a security group strategy. Chapter 4: Project 4-7 
Implementing 
Security Groups 
Design a Public Key Infrastructure. Chapter 5: All sections Project 5-1 
m Design Certificate Authority (CA) hierarchies. Project 5-2 
Identify certificate server roles. Project 5-3 
Manage certificates. Project 5-4 
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Objective 


Design Windows 2000 network services 

security. 

m Design Windows 2000 DNS security. 

m Design Windows 2000 Remote Installation 
Services (RIS) security. 

m Design Windows 2000 SNMP security. 

m Design Windows 2000 Terminal Services 

security. 


Chapter: Section 
Chapter 6: All sections 


Exam Objectives for MCSE Certification Exam #70-220 


Hands-on Project(s) 


Project 6-1 
Project 6-2 
Project 6-3 
Project 6-4 
Project 6-5 


DESIGNING A SECURITY SOLUTION FOR ACCESS BETWEEN NETWORKS 


Objective 


Provide secure access to public networks from 
a private network. 


Chapter: Section 


Chapter 10: Securing 
User Access to the 
Internet 


Hands-on Project(s) 


Project 10-1 
Project 10-2 
Project 10-3 
Project 10-4 


Provide external users with secure access to 
private network resources. 


Chapter 10: Securing 
the Internal Network 
from the Internet 


Provide secure access between private 

networks. 

m Provide secure access within a LAN. 

m Provide secure access within a WAN. 

m Provide secure access across a public 
network. 


Chapter 9: All sections 


Project 9-1 
Project 9-2 
Project 9-3 
Project 9-4 


Design Windows 2000 Security for remote 
access users. 


Chapter 8: All sections 


Project 8-1 
Project 8-2 
Project 8-3 
Project 8-4 
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DESIGNING SECURITY FOR COMMUNICATION CHANNELS 


Objective 
Design an SMB-signing solution. 


Chapter: Section 


Chapter 7: 
Implementing Server 
Message Block Signing 


Hands-on Project(s) 
Project 7-1 


Design an IPSec solution. 
Design an IPSec encryption scheme. 
Design an IPSec management strategy. 
Design negotiation policies. 
Design security policies. 
Design IP filters. 
Define security levels. 


Chapter 7: Securing 
Network Traffic 
Using IPSecurity 


Project 7-2 
Project 7-3 
Project 7-4 


